I'm new to Linux but I'm about to start using a VPS to host my website. I've been reading about it and it's been mentioned that I need to make sure that all of my logs are rotating and compressed, but I don't understand how to do that. I'll be using Plesk but I understand that it will only cover a few logs, so how do I make sure that all my logs are rotated? And is there an easier way to view them than by using grep/cat?

2 Answers

logrotate is a standalone program you can run from the command-line. The primary documentation would be the man page (man logrotate) which has a section about the format of the CONFIGURATION FILE. There is no default config file; it must be specified. Usually logrotate is run via cron, so you'll find a reference to it in your cron configuration (along with the explicit logrotate config file). On Fedora-derived things like CentOS, it is probably /etc/logrotate.conf. However, logrotate also allows for an include directive. You'll notice in the CONFIGURATION FILE section of the man page (under "Here is more information on the directives which may be included in a logrotate configuration file"):

include [file_or_directory]

Reads the file given as an argument as if it was included inline where
the include directive appears. If a directory is given, most of the
files in that directory are read in alphabetic order before processing
of the including file continues. The only files which are ignored are
files which are not regular files (such as directories and named
pipes) and files whose names end with one of the taboo extensions, as
specified by the tabooext directive.

This is of interest since directives can supersede (contradict and override) one another, and they are processed inline; from the beginning of that section: "each configuration file can set global options (local definitions override global ones, and later definitions override earlier ones)" so if you include a file then contradict a directive in it, this last directive wins. Get used to reading man pages! They are your friend!

If you look at your /etc/logrotate.conf, you'll probably find a line like this:

include /etc/logrotate.d

And /etc/logrotate.d will be a directory. This allows individual applications to add files there so their individual logs can be rotated appropriately. Obviously you can add your own and modify whatever you want.

There are logrotate tutorials around if you find the man page a little dense initially. It's a great tool. The easiest thing to do is set up an experimental conf file outside the default directory that you can run by specifying that on the command-line. Make it refer to something specific so you don't create a mess whilst experimenting, and you should be able to get a handle on how things work that way.

Note that you don't have to run logrotate via cron; you can do it manually or via some other method depending on how you prefer to administer the server.
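The experimental setup this answer describes, as an added example that is not part of the original post: a throwaway config kept outside /etc, run by naming it on the command line, with a per-log block that overrides the global options. The temp directory, demo.log and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a throwaway logrotate setup kept entirely under a temp directory.
# All paths and the demo.log name are constructed; nothing in /etc or /var/log is touched.

make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/logs" "$sb/conf.d"
    printf 'constructed sample line\n' > "$sb/logs/demo.log"

    # Global options first, then the include: directives are processed inline,
    # so the included file sees these globals and may override them.
    cat > "$sb/test.conf" <<EOF
compress
rotate 4
include $sb/conf.d
EOF

    # Per-log block: local definitions override the globals above.
    cat > "$sb/conf.d/demo" <<EOF
$sb/logs/demo.log {
    nocompress
    rotate 1
    create 0640
}
EOF
    # When run as root, logrotate skips config files with loose permissions.
    chmod 644 "$sb/test.conf" "$sb/conf.d/demo"
    printf '%s\n' "$sb"
}

# Force one rotation (-f) using a private state file (-s) instead of the system one.
rotate_once() {
    logrotate -f -s "$1/state" "$1/test.conf"
}

if command -v logrotate >/dev/null 2>&1; then
    demo=$(make_sandbox)
    # Dry run (-d): prints what would happen and changes nothing.
    logrotate -d -s "$demo/state" "$demo/test.conf" 2>&1 | tail -n 5
    rotate_once "$demo"
    echo 'second constructed line' >> "$demo/logs/demo.log"
    rotate_once "$demo"
    ls -l "$demo/logs"   # demo.log and demo.log.1 only: the local block won
    rm -rf "$demo"
fi
```

After two forced rotations only demo.log and an uncompressed demo.log.1 remain, which shows the per-log "rotate 1" and "nocompress" taking precedence over the global "rotate 4" and "compress".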

Thank you for your answer, some very interesting information. I will look at the man page and see if I can find any tutorials online, but I think I understand it a bit better. Am I correct in saying that for every application that generates a log, there should be a config file in logrotate.d to tell log rotate what to do with the log? Do programs that generate logs normally add a config file to this directory by default when they are installed?
– Andy, Jul 10 '13 at 18:50

Yes, every app with logs should have an entry in logrotate.d (or logrotate.conf depending). As to whether installing software creates one, it's more common than not if you use a Linux distribution (like Debian, CentOS, etc.) rather than rolling your own.
– EightBitTony, Jul 10 '13 at 18:58

@EightBitTony Thanks for confirming that, I'll probably check that any software I install does create one anyway just in case. When I posted this question I thought using logrotate would take ages to configure but the more I read about it, the simpler it's seeming and the benefits are becoming apparent. I just can't seem to find the answer to where the compressed logs are stored and how I would get them back if needed? Also, how, do you suggest, is best and easiest to view the logs? Should I use something like Graylog2 or just stick with the CLI?
– Andy, Jul 11 '13 at 18:36

@Andy rather than enter a long discussion, best to add these kinds of things to your original question, or, ask another question on the site. I've updated my answer though to respond to your specific point.
– EightBitTony, Jul 11 '13 at 18:55

@EightBitTony Ok, thanks for your reply. I've upvoted your edited answer and I would probably upvote it one more if I could, but I'm going to accept goldilocks' answer because it was the more complete and helped me to understand 'what was going on' with logrotate better. I'll have a look around for the answers to the other questions I had and if I can't find them, I'll probably ask another question on the site. Thanks
– Andy, Jul 12 '13 at 15:33

Many Linux distributions include log rotation by default, for the common log file formats. I don't know CentOS well enough to say whether it's included, but the configuration is usually in /etc/logrotate* (e.g. /etc/logrotate.conf and/or /etc/logrotate.d/).

So if you're talking about the basic log files, they're probably already catered for. Logrotate usually leaves the rotated (and optionally compressed) logs in the original directory in which they were created (which of course, varies per log), with most operating system logs being found in /var/log (on many distributions).

Linux distributions with package managers, and people packaging software, usually ensure that when you install something that has logs, a new entry gets placed in the relevant logrotate location. That's one of the things you 'get' with a Linux distribution that you don't get by just downloading and compiling source. It's not a guarantee, some packaged software doesn't have it, but it's more common than not.

If you want to report on logs (you won't want to read them all), then you need to look at solutions such as logwatch which is included with CentOS. It can be configured to mail you daily reports and summaries from all the regular log files on the server.

It's okay for one or two servers, but it's too much to handle if you get up to half a dozen or more at which point you need something else.

Thanks for your answer. I do believe that CentOS has logrotate from what I am reading, but I wasn't quite sure how to use it? For example, does it cover all logs by default? If I install a package/software that generates additional logs, will they be automatically covered or would I have to append the log location to a config file or something? etc.
– Andy, Jul 10 '13 at 14:54